{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1975", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-05T13:33:51.369Z", "datePublished": "2026-02-06T02:32:10.390Z", "dateUpdated": "2026-02-23T09:20:12.642Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:20:12.642Z"}, "title": "Free5GC pfcp_reports.go identityTriggerType null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Free5GC", "versions": [{"version": "4.0", "status": "affected"}, {"version": "4.1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-05T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-09T17:03:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LinZiyu (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344497", "name": "VDB-344497 | Free5GC pfcp_reports.go identityTriggerType null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344497", "name": "VDB-344497 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.743238", "name": "Submit #743238 | free5gc SMF v4.1.0 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/814", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/free5gc/issues/814#issue-3831993593", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/free5gc/smf/pull/189", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/free5gc/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T19:33:26.364520Z", "id": "CVE-2026-1975", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T19:33:34.244Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1975", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T19:33:26.364520Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T19:33:31.040Z"}}], "cna": {"title": "Free5GC pfcp_reports.go identityTriggerType null pointer dereference", "credits": [{"lang": "en", "type": "reporter", "value": "LinZiyu (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"], "vendor": "n/a", "product": "Free5GC", "versions": [{"status": "affected", "version": "4.0"}, {"status": "affected", "version": "4.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-05T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-05T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-09T17:03:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344497", "name": "VDB-344497 | Free5GC pfcp_reports.go identityTriggerType null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344497", "name": "VDB-344497 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.743238", "name": "Submit #743238 | free5gc SMF v4.1.0 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/814", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/free5gc/issues/814#issue-3831993593", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/free5gc/smf/pull/189", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/free5gc/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:20:12.642Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1975", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:20:12.642Z", "dateReserved": "2026-02-05T13:33:51.369Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-06T02:32:10.390Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF0DB381-157B-4D05-B3D3-A2419F1D0E05", "versionEndIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue."}], "id": "CVE-2026-1975", "lastModified": "2026-02-09T15:15:28.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-06T03:15:49.313", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/free5gc/free5gc/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/free5gc/free5gc/issues/814"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/free5gc/free5gc/issues/814#issue-3831993593"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/free5gc/smf/pull/189"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344497"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344497"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.743238"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T18:25:37.121918+00:00", "value": {"mitigation_remediation": ["Upgrade Free5GC to the latest release that includes the patch for the identityTriggerType null pointer dereference (see pull request\u202f189).", "If an immediate upgrade is not possible, isolate or block PFCP traffic that triggers the identityTriggerType function to mitigate crash risk until a patch is applied.", "Monitor system logs for PFCP crash events."], "summary": {"action": "Patch", "impact": "Denial of Service via null pointer dereference"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all Free5GC releases up to and including version 4.1.0. Administrators running these versions should review their deployment versions and plan an upgrade.", "description_and_impact": "A flaw in Free5GC\u2019s pfcp_reports.go function identityTriggerType can lead to a null pointer dereference. The resulting crash disrupts the PFCP processing component, potentially causing a loss of service availability. The vulnerability is exploitable remotely, and publicly disclosed exploits may trigger the crash for an attacker. The impact is primarily disruptive.", "risk_and_exploitability": "The flaw carries a CVSS score of 6.9, indicating moderate severity. The EPSS score is below 1%, implying a low exploitation probability at this time. The vulnerability is not listed in the CISA KEV catalog. It can be triggered over the network by a remote attacker, suggesting that exposed PFCP endpoints may be targeted. Due to the low exploitation probability, the immediate risk is moderate, but the potential service disruption warrants prompt remediation."}}}}, "created": "2026-02-06T12:04:55.688294+00:00", "updated": "2026-04-18T18:30:07.289660+00:00", "vendors": ["free5gc", "free5gc$PRODUCT$free5gc"]}